HIPAA & HITECH Compliance at a high level is about security; keeping data encrypted when at rest and restricting access of ePHI data. This is applied to your entire process, the entire lifecycle of the data, including when it jumps from one software to another. Formstack is one piece of your process that is HIPAA & HITECH compliant and we are not liable for ensuring that your entire process is meeting HIPAA security requirements. However, we are responsible for ensuring that when your data is within Formstack, it is in fact encrypted at rest. It is your responsibility to ensure that you have the following restrictions in place with any given integration:

Proof of HIPAA Audit

Sign a BAA

Encrypt data with SSL

Process for breach (should be in the BAA)

To learn more about HIPAA and how you can activate Formstack HIPAA compliance for your organization, please contact the Formstack Support Team. If you would like a complete copy of our Security Document, you may also fill out and submit this Form to receive the most up to date security details.